1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Greetings Guest!!

    In order to combat SPAM on the forums, all users are required to have a minimum of 2 posts before they can submit links in any post or thread.

    Dismiss Notice

OT: Cracking a password as domain admin...

Discussion in 'UO Siege Perilous' started by Wulf2k, Aug 21, 2009.

  1. Wulf2k

    Wulf2k Stratics Legend
    Stratics Veteran Stratics Legend Crusader of Chaos

    Joined:
    Feb 27, 2004
    Messages:
    7,565
    Likes Received:
    314
    Anybody know any good (trustworthy) utilities for divulging the password of an Active Directory account without having to reset it?

    I have to set up one of the photocopiers to be able to scan to an SMB share, and all the others are set up to use an account that nobody has touched in over half a decade. Resetting it means quadrupling my work, as I'd have to go around to each and set it up with the new credentials.

    That's probably what I'll end up doing though. Ah well, I'm off early today, not my problem as of three minutes ago. Screw you "Wulf 65 hours in the future", it's your problem now! Sucker!

    *leaves*
     
  2. Daleth

    Daleth Guest

    ehh? Reading that let alone understanding it made my wee brain hurt a lot!!!:bored:
     
  3. Skylark SP

    Skylark SP Available Storage: 0
    Stratics Veteran

    Joined:
    Jun 27, 2004
    Messages:
    10,746
    Likes Received:
    8
    Wulf, the short answer to that is: yes. The long answer is, use of any such utilities, even having them in your possession/on the premises, depending on your workplace, can cost you your job, particularly if you work for a financial or government institution. If your IT infrastructure deems expired account password RECOVERY (not reset) via hash reading/cracking or password strength testing with brute force attacks on user accounts (which means you set a time threshold for cracking them, and assign pass/fail to the account) as a routine part of your job, then they will have provided (and paid licensing fees) for the tools that allow those activities, and have policies for their use. Additionally, those sorts of things usually need an audit trail so "legitimate" a/k/a ethical hacking is established.

    Depending on your infrastructure, your organization may have security/anti-malware software that looks for signatures of various "admin utilities" if they are downloaded on a monitored area of the network.

    I'm not saying that thousands of IT admins & help desk folks don't have private copies of these "admin utilities" on corporate networks on their own initiative to assist in their job, just that it can be a risky thing.

    -Skylark
     
  4. Varka

    Varka Adventurer
    Stratics Veteran

    Joined:
    Jun 20, 2008
    Messages:
    63
    Likes Received:
    2
    Yes, it's possible.

    But quite time consuming.

    The best way to do it is via a "rainbow tables."

    Here's an overview, althoug posting this link may be against some TOS or somesuch. Don't really care.

    http://www.ethicalhacker.net/content/view/94/24/

    My place of employment actually built and maintains a set of rainbow tables for just such an occasion...
     
  5. Wulf2k

    Wulf2k Stratics Legend
    Stratics Veteran Stratics Legend Crusader of Chaos

    Joined:
    Feb 27, 2004
    Messages:
    7,565
    Likes Received:
    314
    Well, I promise to not recommend my termination for possession of such tools at the next committee meeting. =p

    I have full access to the domain controller. I could reset the password if necessary, but would prefer not to.

    I don't need anything to penetration test the entire network, just something to obtain the password for a single account. I know there are legitimate, freely available tools out there that do this, but anybody that's already familiar with a good one would be better than a goole search of "crack windows password no virus please". I would still take all necessary precautions with such a tool of unknown origin.
     
  6. Wulf2k

    Wulf2k Stratics Legend
    Stratics Veteran Stratics Legend Crusader of Chaos

    Joined:
    Feb 27, 2004
    Messages:
    7,565
    Likes Received:
    314
    Varka, before getting into that too much, does it work for AD accounts?

    I thought that only worked for local machine accounts.
     
  7. SoulWeaver

    SoulWeaver King of The Bearded Ladies
    Stratics Veteran

    Joined:
    Dec 16, 2007
    Messages:
    6,537
    Likes Received:
    729
    So what i got from this is you want to photo copy big Roosters...